Re: Is if statement valid for cert client verification ?

I need to specify the CA certificate that signed the client certificate. So I will try that, that confused me. Thank you Le jeudi 13 mars 2025 à 01:54:04 UTC+1, Thomas Ward a écrit : On 2025-03-12 19:45, Mik J wrote: >  When I read your explanation, I understand that

Re: Is if statement valid for cert client verification ?

icate signed by the valid CA certificate (which requires them to have the private key, which if you handle data right will never happen) to access the site or its resources (and simply would get Bad Request or similar because they didn't send a proper SSL cert). --- Unless I'm misund

Is if statement valid for cert client verification ?

Hello, I remember from Nginx that "if" can be evil. I would like to validate that if can be used in the a context where I would like to authenticate my clients with a certificate. if ($ssl_client_s_dn !~ "O=MyCorp") { return 403; } Do you have any recommendation ? Thank you __

Nginx behavior still working as is today ?

Hello, Someone pointed this out to me Maxim D.: The ​try_files directive changes URI of a request to the one matched on the file system, and subsequent attempt to split the URI into $fastcgi_script_name and $fastcgi_path_info results in empty path info - as there is no path info in the URI aft

Re: How important is the "reuseport" flag for quic?

Hello, On Sat, 15 Jun 2024 13:58:55 +0100 Dominic Preston wrote: > I'm using nginx 1.26.1 from the nginx.org ubuntu repo. > > I find when I remove the "reuseport" flag from the "listen" directive > for my quic port, a lot page assets fail to load, and the browser > ultimately falls back to http

Re: Allow response with AD bit in resolver

Hello, On Mon, 17 Jun 2024 10:22:24 +0100 Kirill A. Korinsky wrote: > On Mon, 17 Jun 2024 00:21:27 +0100, > J Carter wrote: > > > > Well *I* quite agree. > > > > I would also suggest that as DNS functionality in nginx is strictly > > limited to resolving as

Re: Allow response with AD bit in resolver

Hello, On Sun, 16 Jun 2024 10:07:28 +0100 Kirill A. Korinsky wrote: > On Sun, 16 Jun 2024 02:45:15 +0100, > J Carter wrote: > > > > Sounds familiar :) > > > > https://mailman.nginx.org/pipermail/nginx-devel/2022-May/YQ3MYP4VNQYWEJS3XYLPMU4HZUKS4PYF.html > &

Re: Allow response with AD bit in resolver

On Sun, 16 Jun 2024 04:29:51 +0300 Maxim Dounin wrote: > Hello! > > On Sat, Jun 15, 2024 at 12:02:28PM +0100, Kirill A. Korinsky wrote: > > > Greetings, > > > > Here a trivial patch which allows DNS responses with enabled AD bit > > from used resolver. > > > > Index: src/core/ngx_resolver.c >

Re: Custom HTTP protocol response?

Hello, On Thu, 13 Jun 2024 16:05:18 +0100 Kirill A. Korinsky wrote: > On Mon, 10 Jun 2024 09:56:05 +0100, > Martin Kjær Jørgensen via nginx wrote: > > > > > > Is this possible without hacking nginx sources or manipulative intermediate > > proxies? > > > > As you may see in ngx_http_header_f

Re: NGINX multiple authentication methods (one or the other) AND an IP check seems impossible

Hello, [...] > ``` > The goal is to bypass SSO if a correct HTTP Basic Auth header is present > while making sure connections are only from said IPs. > > When I disable the IP check it works flawlessly. How could I separate these > requirements? > > So (SSO or Basic Auth) and Correct IP Just

Re: Twitter incompatibility

Hello, On Sun, 19 May 2024 16:47:02 -0400 Saint Michael wrote: > I need some help with a Nginx,. Twitter problem > please open a twitter client x.com > and post this link > https://patrician.org/22a51cfb-7d5b-4a97-a687-a10cd1946766/ > and then open a new client and post > https://xlong.org/p/a36

Re: Question regarding $invalid_referer

Hello, On Tue, 5 Mar 2024 13:07:53 -0800 "li...@lazygranch.com" wrote: > I am presently using a scheme like this to prevent scraping documents. > >location /images/ { > valid_referers none blocked www.example.com example.com > forums.othersit

Re: $request_time variable = 0 for small files.

Hello, On Thu, 7 Mar 2024 08:17:23 +0200 Clima Gabriel wrote: > Greetings, > I'm investigating a bug, super easy to reproduce. > Thought you might be curious. > > Minimal Nginx config. Create two files. 100M and 1M: > dd if=/dev/zero of=/var/www/file100M bs=100M count=1 > dd if=/dev/zero of=/va

Re: ssl_reject_handshake breaks other server blocks

Hello Taco, On Sat, 2 Mar 2024 09:54:46 -0300 Taco de Wolff wrote: > Thank you Jordan for the response. > No problem. > Including the SNI information in cURL works, thank you. I wasn't aware this > was so very different from TCP/HTTP2. > > The point I was trying to make about the ssl_certif

Re: ssl_reject_handshake breaks other server blocks

Hello, On Wed, 28 Feb 2024 21:45:37 -0300 Taco de Wolff wrote: > Hi, > > I've noticed at least in 1.24.0 and 1.25.4 that adding an > ssl_reject_handshake to the default server breaks SNI for other > servers. Example: > > ``` > server { > server_name _; > listen 80 default_server; >

Re: location {} access_log off -> no such file or directory

Hello, On Mon, 26 Feb 2024 09:55:10 +0100 "Roberto D. Maggi" wrote: > Hi you all, > > I'm trying to improve the reverse proxy's virtual hosts' configuration > files of my company, > > but I'm facing an issue that I can't understand: > > > In the "location / " block I inserted these lines >

Re: NGINX Reverse Proxy terminate TCP connection after 5 minutes of inactivity

Hello, On Tue, 20 Feb 2024 11:57:27 +0800 Kin Seng wrote: > Hi J Carter, > > Thank you for your reply. > I am capturing the packet from firewall, and the filtering is as per below > for the previously attached pcap. I see, I assumed you had run tcpdump on the nginx host. I&#x

Re: NGINX Reverse Proxy terminate TCP connection after 5 minutes of inactivity

Hello, On Tue, 20 Feb 2024 09:40:13 +0800 Kin Seng wrote: > Hi J Carter, > > This is the only results from the whole 5 minutes session (intentionally > without any transaction to create inactivity). Is there any symptoms which > can prove that other parties are the one who Initi

Re: NGINX Reverse Proxy terminate TCP connection after 5 minutes of inactivity

Hello, On Mon, 19 Feb 2024 16:24:48 +0800 Kin Seng wrote: [...] > Please refer to the attachments for reference. > > On Mon, Feb 19, 2024 at 4:24 PM Kin Seng wrote: > > After capturing the tcp packet and check via wireshark, I found out that > > the nginx is sending out the RST to the public s

Re: Trying to use nginx + passenger for a rails 6 + angular 14 app...

Nevermind, I got it all figured out. Patrick J. Collins https://collinatorstudios.com On Thu, 15 Feb 2024, Patrick J. Collins wrote: > I have a rails app that is purely an api server, with an angular frontend > living under a subfolder in the public directory.. So the server&

Trying to use nginx + passenger for a rails 6 + angular 14 app...

/api/ { passenger_app_root /home/my-app/; passenger_enabled on; } location ^/api/ { index angular-app/index.html; passenger_enabled off; } ... } ``` And I still end up with 500s going anywhere other than api endpoints... Does anyone one know what I can d

Re: ngx_http_v3_init_session function

On Tue, 6 Feb 2024 00:44:56 + J Carter wrote: > On Tue, 6 Feb 2024 00:16:31 + > J Carter wrote: > > > Hello, > > > > On Mon, 5 Feb 2024 23:24:39 +0200 > > Clima Gabriel wrote: > > > > > Hello everyone, > > > > >

Re: ngx_http_v3_init_session function

On Tue, 6 Feb 2024 00:16:31 + J Carter wrote: > Hello, > > On Mon, 5 Feb 2024 23:24:39 +0200 > Clima Gabriel wrote: > > > Hello everyone, > > > > (the code is probably clearer and attached below) > > This function modifies what ngx_connection_t->

Re: ngx_http_v3_init_session function

Hello, On Mon, 5 Feb 2024 23:24:39 +0200 Clima Gabriel wrote: > Hello everyone, > > (the code is probably clearer and attached below) > This function modifies what ngx_connection_t->data points to. > ngx_connection_t->data is initially *ngx_http_connection_t. > The *ngx_http_connection_t is ass

Re: modules after upgrade

Hello, On Thu, 1 Feb 2024 12:28:40 -0500 Larry Martell wrote: > On Thu, Feb 1, 2024 at 11:57 AM Sergey A. Osokin wrote: > > > > Hi Larry, > > > > On Thu, Feb 01, 2024 at 11:34:08AM -0500, Larry Martell wrote: > > > We run Ubuntu 20.04, which has nginx 1.18. I was asked to upgrade it > > > to

Re: Configuration adjustment for GRPC service

Hello, On Thu, 25 Jan 2024 14:53:51 +0100 Ľuboš Pinteš wrote: > Hello Jason and thank for your reply. > > I am fairly new to this stuff. > > Concerning health checks, does it matter if I have only one simple > server? So no load balancing etc.? > Just so you know, active health checks (on t

Re: Limit NGINX log size

Hello, On Sat, 27 Jan 2024 15:55:42 +0530 Rakshith Kumar wrote: > Hello Team, > > I would like to know how to limit the NGINX limit size. > We would like to set size limit for Nginx log files on App Volumes Manager > since it consume disk space over time. Can we add any parameters to > nginx.co

Re: Calculating requests per second, per IP address

Hello, On Fri, 29 Dec 2023 09:54:30 -0300 Rejaine Monteiro wrote: > Hi all, > > I´m running Nginx community edition and need to implement rate limiting > > There's plenty of guides out there on how to do this, but no guides on how > to get real values/stats from the access logs > > > What I

Re: Support on Nginx-ingress V3.4.0

Hello, On Fri, 22 Dec 2023 12:05:51 +0530 Akash Shrivastava wrote: > Hi there, > Urgent support needed on Nginx-ingress 3.4.0 I'd recommend posting ingress controller related questions on the discussions section of it's Github repo. https://github.com/nginxinc/kubernetes-ingress/discussions

Re: serving files from /proc

On Wed, 13 Dec 2023 02:45:54 + J Carter wrote: > Hello, > > On Tue, 12 Dec 2023 16:17:11 +0100 > Jérôme Loyet wrote: > > > Hello, > > > > I'm trying to serve some files from /proc but nginx return a 0 bytes > > content because the file size

Re: serving files from /proc

Hello, On Tue, 12 Dec 2023 16:17:11 +0100 Jérôme Loyet wrote: > Hello, > > I'm trying to serve some files from /proc but nginx return a 0 bytes > content because the file size of many files in /proc/ tree is simply 0 by > design. That is correct, reading Virtual File System files would require

Re: Limiting number of client TLS connections

arding it on in case you need it. On Sat, 25 Nov 2023 16:03:37 +0800 Zero King wrote: > Hi Jordan, > > Thanks for your suggestion. I will give it a try and also try to push > our K8s team to implement a firewall if possible. > > On 20/11/23 10:33, J Carter wrote: > > H

Re: NIC deletes all listeners when rejecting new listener on reserved port

Hi Brad, I'd recommend raising your concern the NIC Github repo's issue tracker. https://github.com/nginxinc/kubernetes-ingress/issues On Fri, 8 Dec 2023 04:55:12 + Brad Bishop via nginx wrote: > Hi Folks, > > We're using NGINX Ingress Controller 3.0.2 (NGINX 1.23.3) in AKS on a couple

Re: Limiting number of client TLS connections

ble. > > On 20/11/23 10:33, J Carter wrote: > > Hello, > > > > A self contained solution would be to double proxy, first through nginx > > stream server > > and then locally back to nginx http server (with proxy_pass via unix > > socket, or to > &g

Re: Limiting number of client TLS connections

Hello, A self contained solution would be to double proxy, first through nginx stream server and then locally back to nginx http server (with proxy_pass via unix socket, or to localhost on a different port). You can implement your own custom rate limiting logic in the stream server with NJS (j

Re: How to run a shell script on every request?

+1 on "why are you doing this?". However, to answer the question - rather than spawning a new shell for every request, use a loop in your bash script that is driven by access log output. For example. tail -n0 -f /var/log/nginx/access.log | \ while read; do echo "one request"; d

Re: ssl preread for postgres connection

On Sun, 14 May 2023 19:09:30 +0100 J Carter wrote: > Hello, > > > On Sun, 14 May 2023 17:33:10 +0300 > > Maxim Dounin wrote: > > > Hello! > > > > On Sun, May 14, 2023 at 09:55:54AM +0400, Roman Arutyunyan wrote: > > > > > Hi Eduard,

Re: ssl preread for postgres connection

Hello, > On Sun, 14 May 2023 17:33:10 +0300 > Maxim Dounin wrote: > Hello! > > On Sun, May 14, 2023 at 09:55:54AM +0400, Roman Arutyunyan wrote: > > > Hi Eduard, > > > > On Sat, May 13, 2023 at 10:43:59PM -0600, Eduard Vercaemer wrote: > > > for some context, I recently I tried configuring ng

Re: resolver does not work

Hi, On 18/04/2023 13:58, mailingl...@unix-solution.de wrote: Hello, I have a nginx proxy in front of systemd-nspawn containers. The IP's of the containers are dynamic. When I start nginx *after* the  containers it works. When the IP of the container is changed while nginx is running i get a "B

Re: Where to compress text files and filter access

Hello Maxim,Thank you for this detailed answer.I'll keep it in my personal notes.I wish you a good year for 2023 Le vendredi 30 décembre 2022 à 01:17:11 UTC+1, Maxim Dounin a écrit : Hello! On Wed, Dec 28, 2022 at 11:05:01PM +, Mik J via nginx wrote: > What is the best

Where to compress text files and filter access

Hello, What is the best practice for these two situations: 1. Compress text files, should I make the compression on the reverse proxy or on the backend server ? 2. Deny access to specific files for example, files starting with a dot .file, should I write the rule on the reverse proxy or on the ba

website/admin behind my reverse proxy doesn't work

Hello, I have a website hosted on a server using nginx behind a nginx reverse proxy but things don't work properly. https://mywebsite.org => workshttps://mywebsite.org/admin => doestn't work it redirects to https://mywebsite.org On my backend serverserver {     listen 80;     server_name

Re: Nginx sends syslog messages with the name of the server - I would like the ip

Thannk you Jeffrey for your help Le dimanche 11 décembre 2022 à 09:31:10 UTC+1, Jeffrey 'jf' Lim a écrit : On Sun, Dec 11, 2022 at 8:03 AM Mik J via nginx wrote: > > Hello, > > My Nginx server sends syslogs to my remote syslog server with a host = > myserver

Nginx sends syslog messages with the name of the server - I would like the ip

Hello, My Nginx server sends syslogs to my remote syslog server with a host = myserver.mydomain.org However I would like that the host to be the IP a specific IP of the server (which exists) On my Nginx server server { ... access_log syslog:server=1.2.3.4; error_log syslog:server=1.2.3.4; Is i

Re: 2 x Applications using the same domain behind a reverse proxy

p code is not being processed. Does anyone has a idea ? Le mardi 19 juillet 2022 à 16:32:05 UTC+2, Mik J via nginx a écrit : Hello Ian, Thank you for your answer. I did what you told me Now I have on my reverse proxy location / {     proxy_pass  h

Re: Php page returns 450

access to anypage inside the /log directory. Thank you Le samedi 23 juillet 2022 à 12:04:56 UTC+2, Mik J via nginx a écrit : Hello, I use an application named Cacti and everything works well except the logout.php page So when I try to accesshttps://example.org/index.phphttps://example.org

Php page returns 450

Hello, I use an application named Cacti and everything works well except the logout.php page So when I try to accesshttps://example.org/index.phphttps://example.org/graph_view.phpIt works, code http is 200 But when I access the logout.php page a page 404 is returnedGET /logout.php HTTP/2.0 For

Re: 2 x Applications using the same domain behind a reverse proxy

ally, you need to protect against sneaks who try to execute code, by adding a try_files thus... location ~ \.php$ {     try_files $uri =450;     include /etc/nginx/fastcgi.conf;     fastcgi_split_path_info  ^(.+\.php)(/.+)$;         etc. Hope this helps. Ian On 18/07/2022 05:08, Mik J via nginx wro

2 x Applications using the same domain behind a reverse proxy

Hello, I don't manage to make my thing works although it's probably a classic for Nginx users. I have a domain https://example.org What I want is thishttps://example.org goes on reverse proxy => server1 (10.10.10.10) to the application /var/www/htdocs/app1https://example.org/app2 goes on reverse

Re: Real client IP in the error logs when a server is behind a reverse proxy

, You need to set the reverse proxy ip in the www server: https://nginx.org/r/set_real_ip_from Also note this will replace $remote_addr with the value from X-Real-IP header (the original value is in $realip_remote_addr). On Thu, Jun 30, 2022, at 21:56, Mik J via nginx wrote: > Hello, >

Re: Real client IP in the error logs when a server is behind a reverse proxy

What linux distro is NginX running on? PEREGRINE IT Signature *Matthew J BLACK*   M.Inf.Tech.(Data Comms)   MBA   B.Sc.   MACS (Snr), CP, IP3P When you want it done /right/ ‒ the first time! Phone: +61 4 0411 0089 Email: matt...@peregrineit.net <mailto:matt...@peregrineit.net&g

Real client IP in the error logs when a server is behind a reverse proxy

Hello, I have a real server placed behing my reverse proxywww server 192.168.1.10 <---> 192.168.1.20 reverse proxy <---> NAT Firewall <---> Interrnet <---> Client on Internet My configuration on my reverse proxy (192.168.1.20) looks like that location ^~ / {     proxy_pass  h

HEAD request to GCS caching body

I use nginx as a forward proxy, with content caching. My app first performs a HEAD request to a Google Cloud Storage object. Then it may perform a GET request to the same object. The HEAD request (which comes first) causes a cache MISS. The content body length returned to the client is 0 (which

Re: forward proxy config is causing "upstream server temporarily disabled while connecting to upstream" error

Hi Maxim, > > You are trying to connect to an upstream server with an IPv6 > address, yet your system has no IPv6 addresses configured, so > the connection attempt fails. This is not fatal, as nginx is able > to switch to using other addresses of the same server, but > probably a configura

forward proxy config is causing "upstream server temporarily disabled while connecting to upstream" error

I want to set up nginx as a forward proxy - much like Squid might work. This is my server block: server { listen 3128; server_name localhost; location / { resolver 8.8.8.8; proxy_pass http://$http_host$uri$is_args$args; } }

Build Issue on Ubuntu and Linux following instructions on blog post https://www.nginx.com/blog/video-streaming-for-remote-learning-with-nginx/

Hi All, Found an issue within the build of nginx. Following James' instructions on https://www.nginx.com/blog/video-streaming-for-remote-learning-with-nginx/ : mkdir buildnginx cd buildnginx sudo git clone https://github.com/arut/nginx

Re: How to do location /test/place?id=2

On 10/18, P.V.Anthony wrote: > On 18/10/19 5:26 am, Jeff Dyke wrote: > > I know this is not an answer to your question, but it begs another, > > mainly due to the if statement.  How many of these are you going to > > have? https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ > > > > Y

Static content and Front Controller pattern under same base URI

Hello, nginxers! What's the best way to server static content as well as dynamic content that uses the Front Controller pattern under the same base URI? I'm dealing with a web app partially written in PHP that expects to serve static content as well as dynamic PHP content, using the Front Control

Re: How to do location /test/place?id=2

On 10/18, P.V.Anthony wrote: > Currently have the following url, > > https://old.example.com/test/place?id=1 > https://old.example.com/test/place?id=2 > https://old.example.com/test/place?id=3 > > Need to redirect only id=2 to another url. > > Did the following and it works for id=2. Need id=1 a

Re: IOS keep asking password with nginx auth_basic

On 10/17, tiendungitd wrote: > any idea about this issue? Are you serving over HTTPS? Are you positive that you are *not* serving any content over HTTP from HTTPS? Can you create an MCVE (minimal, complete, and verifiable example) for a ".txt" file over HTTP? For a ".txt" file over HTTPS? For

Re: PR_END_OF_FILE_ERROR after kernel update

On 10/04, Ken Wright wrote: > Okay, I rebooted the server then tried testing the cert.  SSL Labs > reports no secure protocols supported.  Once again, I'm lost.  I know I > set up the server to use LetsEncrypt certs, and I've checked them; > they're there.  I tried disabling the server's firewall a

Re: RHEL Yum repo instructions don't work on RHEL 7

On 10/02, Konstantin Pavlov wrote: > Yep, that seems like the easiest solution. I've put Client, Workstation > and Server symlinks for respectable major releases to both stable and > mainline repos - I'd appreciate if you try again and let me know if that > fixes the issue for you. I confirm that

RHEL Yum repo instructions don't work on RHEL 7

Hello! I'd like to report a problem with the RHEL/CentOS instructions at https://nginx.org/en/linux_packages.html#RHEL-CentOS They don't work on RHEL 7. When I attempt to install the nginx package as root with yum install nginx I get an HTTP 404 error: http://nginx.org/packages/centos/

Re: Allow internal redirect to URI x, but deny external request for x?

On 09/04, Jürgen Wagner (DVT) wrote: > This is the effect you get by having the HTTP equivalent of a symbolic link > in the NGINX (visible to the browser), not in the file system (which is > opaque to users). The file system link will (over time) serve different > contents under the same URL, so in

Re: Allow internal redirect to URI x, but deny external request for x?

On 09/04, Jürgen Wagner (DVT) wrote: > Now, you want to be able to say what is the "current" version and reflect > this in the URL namespace as well. In the file system, that's a symbolic > link. In the URL namespace of NGINX, that could be a redirection (status > code 307). Both approaches would w

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/30, j94305 wrote: > I've been following this, and I would take a slightly different approach. > > 1. Serve all apps under /{app}/releases/{version}/{path} as you have them > organized in the deployment structure in the file system. > > 2. Forget about symbolic links and other makeshift vers

Re: Allow internal redirect to URI x, but deny external request for x?

On 09/03, J. Lewis Muir wrote: > On 09/02, Francis Daly wrote: > > But if "the app" involves a http request to part1.php and then a http > > request to part2.php (or: a second http request to part1.php), I don't > > think that the symlink+realpath thing will pre

Re: Allow internal redirect to URI x, but deny external request for x?

On 09/02, Francis Daly wrote: > nginx does not "do" php. nginx does not care what your fastcgi server > will do with the key/value pairs that it sends. nginx cares that the > fastcgi server gives a valid response to the request that nginx makes. > > Typically, your fastcgi server will use the valu

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/31, Francis Daly wrote: > On Sat, Aug 31, 2019 at 09:10:09AM -0500, J. Lewis Muir wrote: > > On 08/31, Francis Daly wrote: > > Hi there, > > > > * starts with /my-app/current/ -> reject > > > * starts with /my-app/releases/ -> reject > &g

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/30, Ian Hobson wrote: > Hi Lewis, > > On 30/08/19 18:33, J. Lewis Muir wrote: > > Hello! > > > > I'm using nginx 1.12.2 on RHEL 7, and I've got a FastCGI web app that > > uses a deployment structure which uses an atomic symlink change for an &

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/31, Francis Daly wrote: > On Sat, Aug 31, 2019 at 12:21:40AM +0100, Francis Daly wrote: > > Hi there, > > A few further thoughts here... > > > It sounds like your desires are for requests: > > > > * starts with /my-app/current/ -> reject > > * starts with /my-app/releases/ -> reject > >

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/31, Francis Daly wrote: > On Fri, Aug 30, 2019 at 04:59:36PM -0500, J. Lewis Muir wrote: > > Hi there, > > > I was wishing for a way to specify a new root but with a modified > > request URI. So, I tried the alias directive, and I assumed that > > $document

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/30, Francis Daly wrote: > On Fri, Aug 30, 2019 at 01:58:23PM -0500, J. Lewis Muir wrote: > > Hi there, > > > location ~ ^/my-app/(.*?[^/]\.php(?:/.*|$)) { > > alias /srv/www/my-app/current/$1; > > fastcgi_split_path_info ^(.+?\.php)(/.*)$; >

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/30, J. Lewis Muir wrote: > On 08/30, J. Lewis Muir wrote: > > I'm wondering if the fastcgi_split_path_info function or the if > > directive is what's emitting the file op message in the error log which > > would mean that one or both of $realpath_root or $fast

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/30, J. Lewis Muir wrote: > I'm wondering if the fastcgi_split_path_info function or the if > directive is what's emitting the file op message in the error log which > would mean that one or both of $realpath_root or $fastcgi_script_name > are not set to what I expect.

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/30, J. Lewis Muir wrote: > I initially tried using the alias directive which I thought was a better > fit for what I wanted to do > > location /my-app/ { > alias /srv/www/my-app/current/; > index index.php; > } > > location /my-app/

Allow internal redirect to URI x, but deny external request for x?

Hello! I'm using nginx 1.12.2 on RHEL 7, and I've got a FastCGI web app that uses a deployment structure which uses an atomic symlink change for an atomic app deploy, and I'm wishing to be able to do an internal redirect in nginx to URL x, but deny an external request to the same URL x so that I d

Re: Why 301 permanent redirect with appended slash?

On 07/31, Francis Daly wrote: > On Tue, Jul 30, 2019 at 05:12:01PM -0500, J. Lewis Muir wrote: > > Hi there, > > > I have a minimal nginx.conf with one server block that sets the root > > directory and one location with a prefix string of "/foo/", and for a &

Why 301 permanent redirect with appended slash?

Hello, all! I have a minimal nginx.conf with one server block that sets the root directory and one location with a prefix string of "/foo/", and for a request of "/foo", it returns a 301 permanent redirect to "/foo/". Why? I expected it to return 404 or similar. I also tried a prefix string of "

Implicit root location?

Hello, all! I have a minimal nginx.conf with one server block that sets the root directory but has *no* location directives, yet for a request of "/", it serves "/index.html". Why? With no locations specified, I expected it to return 404 or similar for any request. Here's the server block (enti

Re: Capture clear text with Nginx reverse proxy

Thank you for your answer Stuart. I'm on an Openbsd platform and it's not available for it. It seems to me a bit complicated because I'll have to insert it between the Nginx reverse proxy and the end server. Have you used it ? Le dimanche 5 mai 2019 à 04:01:54 UTC+2, Andrew Stuart a écr

Reverse proxy and 502 bad gateway

Hello, I'm sucessfully accessing a server/site behind my reverse proxy with the following URL https://app.mydomain.org/screens/dashboard.html#/MainDashboard But the following URL gives a 502 Bad Gateway https://app.mydomain.org/screens/webui/resource/swccopolldata.json I don't understand why bey

Capture clear text with Nginx reverse proxy

Hello, I often try to solve problems between Nginx and the server communicating in https client <= https => Nginx <= https => server And I don't have access to the server or it's a source code that is closed so it's not possible to troubleshoot there. Is there a way to see in clear text what i

Re: avoid redirect

the `return 301 ...` inside a location block too. Otherwise, it overrides all the location blocks. I'm on my phone now, but I'll try to share a sample file from one of my servers (that works as you want it) when I get back to my computer. Moshe On Sun, Dec 2, 2018, 5:03 PM Mik J via

avoid redirect

Hello, I'd like to be able to offer let's encrypt in port 80 only and redirect everything else to port 443 server {     listen 80;     listen [::]:80;     listen 443;     listen [::]:443;     server_name http://www.mydomain.org blog.mydomain.org;     location ^~ /.well-kn

Re: Resolver not working as expected

nin wrote: > Hello! > > On Mon, Aug 27, 2018 at 06:56:01PM +0530, Sharan J wrote: > > > Hi, > > > > Sample conf: > > > > http{ > > resolver x.x.x.x; > > server { > > server_name _; > > location / { > >

Resolver not working as expected

Hi, Sample conf: http{ resolver x.x.x.x; server { server_name _; location / { proxy_pass http://somedomain.com; } } I have nameservers configured in my resolv.conf. But, somedomain.com will be configured in x.x.x.x DNS server only. So, I have specified resolver in

Re: Reverse proxy for multiple domains

param  SCRIPT_FILENAME $document_root$fastcgi_script_name; include        fastcgi_params; } Le mercredi 30 août 2017 à 19:57:40 UTC+2, Francis Daly a écrit : On Sun, Aug 27, 2017 at 11:27:05AM +, Mik J via nginx wrote: Hi there, > > Thats because the pages are called by the reverse p

Re: IPv6 does not work correctly with nginx

if nginx treats it differently Le vendredi 5 janvier 2018 à 12:26:20 UTC+1, Francis Daly a écrit : On Fri, Jan 05, 2018 at 01:04:52AM +, Mik J via nginx wrote: Hi there, > I'm trying to finish to configure nginx for ipv6 > listen [::]:443 ssl;doesn't workbutlist

IPv6 does not work correctly with nginx

Hello, I'm trying to finish to configure nginx for ipv6 listen [::]:443 ssl;doesn't workbutlisten [fc00:1:1::13]:443 ssl;works I need to explicitly specify the ipv6 address whereas in ipv4 I don't need to # nginx -V nginx version: nginx/1.12.1 server {     listen 443 ssl; #    listen [::]:443 ssl;

Re: Reverse proxy for multiple domains

fine http://application1.org/wp-content/themes/Avada/images/divider-02.gifSo there's just a problem with the previous URL Another question, if I want to set expires header, would it be better to do it on the reverse proxy or on the backend server ? Regards Le Dimanche 20 août 2017 22h08,

Re: Reverse proxy for multiple domains

y application would be accessible by www.application1.org than www.application1.org/app/application1 like right now Le Jeudi 17 août 2017 21h35, Francis Daly a écrit : On Thu, Aug 10, 2017 at 09:17:14PM +, Mik J via nginx wrote: Hi there, > I have application1.org and applicat

Reverse proxy for multiple domains

Nginx: 1.10.2 Hello, I'm tryging to get reverse proxy working with multiple domains I have application1.org and application2.org. The client requesting these URLs, arrives one the reverse proxy. On this reverse proxy I have a virtual host which looks like that server { listen 80; server_

Re: HTTP/2 custom status codes

P/2 alone? and not in HTTP/1.1? Thanks, Shanthu On Wed, Aug 9, 2017 at 9:07 PM, Maxim Dounin wrote: > Hello! > > On Wed, Aug 09, 2017 at 08:46:41PM +0530, Sharan J wrote: > > > Hello, > > > > I am using Nginx as a reverse proxy and have enabled HTTP/2. For a > >

HTTP/2 custom status codes

Hello, I am using Nginx as a reverse proxy and have enabled HTTP/2. For a particular request, my back-end server sends a custom 4 digit status code (say ). When connecting via HTTP/1.1, the exact status code is returned to the client but, when connection via HTTP/2, the response headers along

Re: Re: Re :Re: Re:Reverse-proxying: Flask app with Bokeh server on Nginx

s not static. I posted the full source code here: https://stackoverflow. com/questions/43743029/reverse-proxying-flask-app- with-bokeh-server-on-nginx/44150473#44150473 Thanks a lot for your help! Cheers! > Message: 3 > Date: Tue, 16 May 2017 17:49:07 +0100 > From: Francis Daly >

Re: Re: Re :Re: Re:Reverse-proxying: Flask app with Bokeh server on Nginx

ny_abc/",session_id= session.id,url=url_https) The Bokeh log file says that a WebSocket is opened and a ServerConnection is created: 2017-05-17 10:21:09,915 WebSocket connection opened 2017-05-17 10:21:10,769 ServerConnection created What does the new error mean? Why is a WebSocket opened

Re :Re: Re:Reverse-proxying: Flask app with Bokeh server on Nginx

return render_template("company_abc.html", bokeh_script=bokeh_script) This, however, results in the following error in Chrome: GET https://www.geomorphix.net/geomorphix/autoload.js?bokeh-autoload-element=dd …6035f61fef5e&bokeh-session-id=hLR9QX79ofSg4yu7DZb1oHFdT14Ai7EcVCyh1iArcBf

Re:Reverse-proxying: Flask app with Bokeh server on Nginx

> > Message: 2 > Date: Fri, 12 May 2017 13:33:16 +0300 > From: "Reinis Rozitis" > To: > Subject: Re: Reverse-proxying: Flask app with Bokeh server on Nginx > Message-ID: > Content-Type: text/plain; format=flowed; charset="UTF-8"; > reply-type=original > > > I understand that I might have

Reverse-proxying: Flask app with Bokeh server on Nginx

I have created a website with Flask that is serving a Bokeh app on a Digital Ocean VPN. Everything worked fine until I secured the server with Let's Encrypt following this tutorial . In step 3

  1   2   >